
Post on 17-Apr-2020


Fiber to the Cloud

Laurent (LB) Bass
AT&T – EBM (Emerging Business Markets)
Sr. Technical Sales Consultant, CCSP, EMCCIS, VTSP
Member IEEE
Adjunct – Penn State

2014 CIO Priorities

Priority Technologies

1. Cloud Computing
2. Security Enhancement
3. Mobile Workforce
4. Enterprise Res Plng
5. Virtualization Servers
6. Legacy Appl Renovation
7. Bus Intel (Big Data)
8. Disaster Recovery
9. Identity, Access Mangmt
10. Unified Comm

Priority Strategies

1. Security
2. Consolidation/Optimization
3. Cloud Services
4. Proj and Portfol Managmt
5. Strategic IT Planng
6. Budget, Cost Control
7. Mobile Servs, devices, etc.
8. Shared Services
9. Interoperability
10. Health Care


• Multi-protocol Label Switching (MPLS)-based services* available to 182 countries over 3,700+ nodes

• 38 Internet data centers across the globe

• Wired Ethernet (Hotel) in 52 countries

• Ethernet access in 45 countries and over 2,300 access points around the world

• 909,787 fiber route miles

• 378,544 wavelength miles of 40 Gbps

• Remote access over 220,000 points in 154 countries

• Over 200,000 WiFi Hotspots in 96 countries and dial-up available in 154 countries

Simplified map: not all nodes/links/routes shown

* MPLS technology enables high-quality delivery to multiple services over a single IP Network Infrastructure

The AT&T network carries more than 27.4 Petabytes of Data Traffic on an Average Business Day

Build the Best Network

Global Reach and Consistency


Problem Statement: DIY VPN vs. MPLS VPN

Customer is proposing to build his own VPN network to connect Cloud Services using Internet connections (DSL/Coax, Fiber) secured by IPsec/SSL encryption.


Lower number of vendors.
Minimize costs.
Minimize security risks.
Minimize complexity.
Increase performance.
Extend your capabilities w/service enhancements for internal clients.
Minimize downtime.


AT&T’s goals for the customer

DIY VPN – key weaknesse$

Is using a public network a good idea? Internet-based network = more potential security exposure. [16]

DIY VPN network = more management costs. [2]

Transparency is degraded (SLAs, trouble ticketing). [11, 17]

Cloud resources will need a boost to sustain performance. [17]

Downtime w/3x backbones is 3x single MPLS backbone. [11]

VoIP / UC / mobile integration is much more difficult. [2]

A single global platform enables the customer to more easily deploy numerous applications (VoIP, Telepresence, cloud). The more apps you place on the global platform – the cheaper it is to use.

Key Message


Small differences in network performance make a big difference in datacenter performance. [37, 43]

Completion time increases with network latency. [42]

TCP performance & data-transfer rate decrease as distance & latency increase, regardless of bandwidth. [41, 43]

Frame loss rapidly compounds the impact of network latency. [41, 43]

Loss Effect on Virtual Machine Migration Completion Time

DIY VPN – increased congestion?


DIY VPN – increased congestion?

Hot Potatoes - ISPs force traffic off their backbone as quickly as possible if the final destination is not on their network. [1, 43]

Hot Potato routing is a primary reason the Internet doesn’t deliver the predictable performance that MPLS does.

Tromboning – IPsec VPNs force traffic through a single location – severely increasing latency and decreasing performance. [41, 42, 43]

AT&T employees working VO experience this performance degradation every day using our IPsec VPN client.

Black Swans - events that are on the tail end of the probability curve. Examples of black swans are Hurricane Sandy, the tsunami / earthquake in Japan & blocking the Internet in Iran. [12]

The Internet is a shared network - events in one region directly impact performance in another region – in some cases dramatically.

“…The multiservice / single-provider approach can't be replicated directly across a multi-provider network. Companies that attempt to do this will find it difficult to create a uniform global service.”


DIY VPN – what are the risks?

Are you secure enough? Day-to-day monitoring and continual training are needed to monitor a DIY network. [34, 35]

Are you secure enough? Most security problems stem from tools that are not configured correctly and generate too much ‘noise.’

90 alerts per day/per DDoS probe - each @ 3.9 minutes to vet, it's only a matter of time before the important stuff is missed. [35]

Who is your network providers’ security person? Is he properly trained? Multiple networks = more exposure = more people touching your network. [36]

One word – DDoS. Will a regional/local DDoS attack take down or slow down your entire network? [36, 41]

Applications Require Detailed Security Policies

Gartner – “Many security-related services, such as user authentication and access control related to WLANs or VPNs …. often needs to be correlated enterprise-wide.” [18]


Is using a public network a good idea?

Gartner – “Expect to revisit security processes every 12 months.” [20]

Michael Singer (AT&T Security) – “It is now huge organizations carrying it out (cyber attacks) – cyber armies....... We see very organized, well planned attacks against our customers .... We used to think a 3Gbps DDoS attack was a big attack. Attackers have gone ... into hosting facilities. …”

The players have changed – rogue nation-states, organized gangs and militarized hacking greatly increase exposure. [28]

The world is complicated - Syria / Iran Internet limits, Iran limits VPN access, Egypt cable sabotage, Jordan blocks news sites, cable cuts are up to 10X more common in developing regions. [30]

Regional providers may not protect you – in many countries telecom providers are controlled by the government, who can turn off Internet or IPsec/SSL VPN access. [36]


Public Network = Congested Peers = Dropped Packets


• In times of congestion, TCP acts to reduce traffic flow by 50% - and then increases the flow slowly. A single lost packet in a short data flow can have a huge impact on performance. [38, 41]

• Backbones are not created equal. Service providers routinely ‘manage’ networks by:
  - Prioritizing MPLS traffic.
  - Allowing peering points to become congested
  - Offering ‘private’ peering - $$$$ [38, 41]
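The halve-then-grow behaviour described in the first bullet can be modelled in a few lines. This is an added example, not part of the original slides: a simplified Reno-style model in which the initial window (10 segments), slow-start threshold (64), segment size (1460 bytes) and function names are assumptions, and link bandwidth is treated as unlimited so that only round trips and loss matter.

```python
"""Simplified TCP Reno-style AIMD model (added example; parameters are assumptions)."""

MSS = 1460  # bytes per segment (assumed)


def rounds_to_send(total_segments, loss_round=None, init_cwnd=10, ssthresh=64):
    """Count the round trips needed to deliver total_segments.

    Each round the sender transmits up to cwnd segments. If loss_round is
    set, one segment sent in that round is lost and must be resent later,
    and the window is halved (multiplicative decrease). After that the
    window grows by one segment per round (additive increase).
    """
    cwnd, sent, rounds = init_cwnd, 0, 0
    while sent < total_segments:
        rounds += 1
        burst = min(cwnd, total_segments - sent)
        if rounds == loss_round:
            sent += burst - 1                 # one segment did not arrive
            ssthresh = max(cwnd // 2, 2)
            cwnd = ssthresh                   # flow cut by 50%
        else:
            sent += burst
            if cwnd < ssthresh:
                cwnd = min(cwnd * 2, ssthresh)  # slow start: double per RTT
            else:
                cwnd += 1                       # congestion avoidance: +1 per RTT
    return rounds


def completion_ms(size_bytes, rtt_ms, loss_round=None):
    """Transfer time in ms: round trips multiplied by the path RTT."""
    segments = -(-size_bytes // MSS)  # ceiling division
    return rounds_to_send(segments, loss_round) * rtt_ms


if __name__ == "__main__":
    # Constructed scenario: 1 MB transfer, one segment lost in round 3.
    for rtt in (10, 50, 150):
        clean = completion_ms(1_000_000, rtt)
        lossy = completion_ms(1_000_000, rtt, loss_round=3)
        print(f"RTT {rtt:>3} ms: no loss {clean:>5} ms, one loss {lossy:>5} ms")
```

In this model a single early loss raises the round-trip count for a 1 MB transfer from 13 to 24, and because the penalty is counted in round trips, its cost in milliseconds grows with path latency no matter how much bandwidth is available.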

Cyberarmies - the risk is real

APT1 – China

Afghan Cyber Army

Alarakai Cyber Army: al-Qaeda

Al-Qaeda Electronic Cyber Army

Armenian Cyber Army

Bangladesh Cyber Army

Brazilian Cyber Army

Indian Cyber Army

Iranian Cyber Army

Muslim Liberation Army: Pakistan.

Pakistan Cyber Army

Philippine Cyber Army

Syrian Electronic Army

Tunisian Cyber Army

Turkey Cyber Army

xp1r3 Cyber Army: Bangladesh

McAfee – 128M separate iterations of malware on the Internet in March 2013 [19]

Timeline

Time elapsed from actual intrusion to containment [23]


* Expansions Planned: Specifics concerning any future IDC expansion, including locations and timing, are subject to change

Regional Hub / ‘Super’ IDCs – Targeted regional centers offering full range of managed & application services

IDC Expansions – Investments to expand our capacity & footprint

Additional AT&T IDCs

[Map labels: Singapore, DC Metro, San Diego, Amsterdam, NY Metro]

AT&T Colocation - Delivering Services on a Global Basis

AT&T has an expansive global footprint of 38 IDCs, 8 of which support cloud services

Asia/Pacific – 9

Regional Hubs: *Singapore & Tokyo4

Tokyo3, Hong Kong (2), Shanghai (2), *Sydney, Bangalore

North America – 23

Regional Hubs: Annapolis, Piscataway, San Diego, Dallas, Ashburn, Boston, New York, Secaucus, Chicago (2), Atlanta (2), Los Angeles (2), Allen TX, Seattle, San Jose, San Francisco, Mesa, Orlando, Miami, Nashville, Toronto

South America – 1

*Sao Paulo, Brazil 1Q14

Europe – 6

Regional Hubs: *Amsterdam & *London2, London1, Birmingham, Frankfurt, Paris

Colo Express Promotion Now Available!


AT&T Strategy

Flexibly deliver integrated content, applications and services to any device, anywhere, anytime.

Anywhere, anytime, access to real-time information

Global customers, employees, partners and communities

Rich multimedia content, applications, and services

Unified, Flexible Services

Resilient Global Network

End-to-End Solutions

Broad Range of Endpoints


AT&T’s Global Support Model


Infrastructure

Systems

Services

Simplicity

• Global customer support centers.

• Multiple language support.

• Dense coverage within regions.

• Single point-of-contact across regions.

Efficiency

• Integrated service delivery = seamless service.

• Best-in-class carriers bonded across AT&T global network.

• Integrated SLA management.

• Critical situation management.

Complexity Costs Money

Gartner - “Enterprises sourcing multi-provider WAN services to reduce spending often end up with poorly performing applications due to improper network designs.” [18]

Analysts Agree – AT&T is a Global Leader


AT&T strengthens its position as one of the leaders in the AP telco ICT market, 2013-2014.

…AT&T has made a number of significant progresses over the last one year in China.

AT&T ranks among the world’s largest providers of core voice and data services, one of a handful of carriers that is large enough and sophisticated enough to meet the communications needs of the largest enterprises with a mix of converged, mobile and cloud-based solutions.

AT&T taps the comprehensive reach of América Móvil … with thousands of MPLS nodes in 15 Latin American countries.

“AT&T has an aggressive threat intelligence program…”

“AT&T focuses on threat detection with strong network infrastructure and perimeter defense offerings, including robust log monitoring and analysis features.”

“AT&T has one of the largest networks in the world, providing customers with nearly unmatched network access”

AT&T’s MPLS VPN offering as “one of the best in the industry” and positioning AT&T as “the market leader in the U.S. MPLS VPN services market.”

“AT&T is itself evolving to become more open and deliver products and services that its customers can use to leverage its network.”

(AT&T has) one of the strongest managed global MPLS services offering (very high-quality portfolio, features, access technology, speed choices, port speeds, IPv6 integration with MPLS, and also a very good international Layer 2 MPLS offer).

Sources

1. An Evolutionary WAN path to cloud computing with WAN virtualization; Andy Gottlieb; Jun 1, 2012
2. Cisco; The Importance of an End-to-End Approach to Cloud; Paul Adamiak; February 14, 2012
3. Cloud Computing Driving Innovation; Intel Distinguished Speaker Series; James Hamilton; 9/25/2012
4. Computerworld UK; AT&T DDOS crime networks now based in hosting facilities; December 7, 2012
5. Current Analysis; Cloud Connectivity: How Data Services Evolving to Meet Cloud Demands; February 28, 2013
6. Current Analysis; Connecting to Your Cloud Provider – Internet, Direct Connect or IP VPN?; February 27, 2013
7. Current Analysis; Demand Drives IPsec /Hybrid VPN Development and Progress; Stradling, Joel; July 31, 2013
8. Fierce Enterprise; Downtime numbers are downright distressing; July 25, 2013; David Weldon
9. Forrester Research; Security Operations Center (SOC) Staffing; Ed Ferrara, August 2, 2013
10. Forrester; Source Your Network Architecture From A Strategic Partner; February 16, 2012
11. Gartner; Bandwidth Doesn't Matter; Availability Drives Enterprise Network Costs; 15 July 2013
12. Gartner; 'Black Swans' Are Sure to Fly in the Public Cloud; 8 November 2011
13. Gartner; Hybrid WAN Connectivity Using MPLS and IPsec Virtual Private Networks; 13 October 2006
14. Gartner; Is MPLS Dead; 17 June, 2013
15. Gartner; Learn the Do's and Don'ts of Contract Negotiation; Published: 7 August 2013
16. Gartner; Leverage Your Network Design to Mitigate DDoS Attacks; 17 July 2013
17. Gartner; Meshed Topologies Are Top Choice for Multi-provider WANs; 24 October 2012
18. Gartner; Multi-provider WAN Sourcing Will Alter Existing Bundled-Service Practices; 18 December 2012
19. Trustwave “Global Security Report 2013”
20. Gartner; Net IT Out; Network Strategy is for a Hybrid Cloud World; Eric Paulak; December 6, 2011
21. Gartner; Plan Now For the Hyper-converged Enterprise Network; 2 May 2012
22. Gartner; Use a Multi-provider WAN Strategy to Improve Flexibility and Pricing; 10 October 2012
23. McAfee – Risk Compliance Outlook 2013
24. Gartner; When and How to Switch U.S. Network Service Providers; 28 June 2013
25. IDC; Network Enabled Cloud; January 2013
26. Kleiner Perkins Caufield Byers; Internet Trends by Mary Meeker; 5/29/2013
27. Level 3; Optical Networking for Cloud Services; 14 May 2013
28. McAfee; Needle in a Haystack; July 2013
29. Next-Generation Enterprise WANs; Andy Gottlieb; February 25, 2013
30. NYT; Syria Loses Access to the Internet; May 7, 2013
31. OECD Insights; Internet traffic exchange - 2 billion users and its done on a handshake; October 22, 2012
32. Ovum; IP Peering and Transit - Critically Important Wholesale Relationships: 27 June 2013
33. Prolexic; 12 Questions to Ask a DDoS Mitigation Provider; July 22, 2013
34. Prolexic; Quarterly Global DDoS Attack Report; 2Q13
35. Sourcefire; William Blair Growth Stock Conference; June 12, 2013
36. The Economic Times; Sabotage of Undersea Cables to slow down Internet speed for 30 days; Thomas Philip
37. The Street; Bottlenecks in the cloud; Dan Blankenhorn; 3/01/2013
38. Wall Street Journal; Web Companies Pay for Internet Fast Lane; June 9, 2013
39. Wall Street Journal; Why Software is Eating the World; Marc Andreessen
40. WAN Virtualization Technology - RAID for WANs; Andy Gottlieb; June 15, 2012
41. Where in the Internet is Congestion; Daniel Genin, Jolene Splett; National Institutes of Standards and Technology; 14 July 2013
42. WHIR; Having Problems with your Netflix? You can blame Verizon; Om Malik & Stacey Higginbotham; 8 August 2012
43. Why does MPLS cost so much more than Internet connectivity?; Andy Gottlieb; 4/19/2012
44. Renesys; The New Threat: Targeted Internet Traffic Misdirection, November 2013
